Download - 09 OVM3 Virtual Machine HA
1 | © 2012 Oracle Corporation – Proprietary and Confidential
2 | © 2012 Oracle Corporation – Proprietary and Confidential
The following is intended to outline our general product
direction. It is intended for information purposes only, and
may not be incorporated into any contract. It is not a
commitment to deliver any material, code, or functionality,
and should not be relied upon in making purchasing
decisions.
The development, release, and timing of any features or
functionality described for Oracle’s products remains at the
sole discretion of Oracle.
Safe Harbor Statement
3 | © 2012 Oracle Corporation – Proprietary and Confidential
Use of this Site (“Site”) or Materials constitutes agreement with the following terms and conditions:
1. Oracle Corporation (“Oracle”) is pleased to allow its business partner (“Partner”) to download and copy the information,
documents, and the online training courses (collectively, “Materials") found on this Site. The use of the Materials is restricted to
the non-commercial, internal training of the Partner’s employees only. The Materials may not be used for training, promotion, or
sales to customers or other partners or third parties.
2. All the Materials are trademarks of Oracle and are proprietary information of Oracle. Partner or other third party at no time has
any right to resell, redistribute or create derivative works from the Materials.
3. Oracle disclaims any warranties or representations as to the accuracy or completeness of any Materials. Materials are provided
"as is" without warranty of any kind, either express or implied, including without limitation warranties of merchantability, fitness
for a particular purpose, and non-infringement.
4. Under no circumstances shall Oracle or the Oracle Authorized Boot Camp Training Partner be liable for any loss, damage,
liability or expense incurred or suffered which is claimed to have resulted from use of this Site of Materials. As a condition of use
of the Materials, Partner agrees to indemnify Oracle from and against any and all actions, claims, losses, damages, liabilities
and expenses (including reasonable attorneys' fees) arising out of Partner’s use of the Materials.
5. Reference materials including but not limited to those identified in the Boot Camp manifest can not be redistributed in any format
without Oracle written consent.
Oracle Training Materials – Usage Agreement
4 | © 2012 Oracle Corporation – Proprietary and Confidential
Instructors Name
Virtual Machine High Availability
5 | © 2012 Oracle Corporation – Proprietary and Confidential
Built-In High Availability
• Increased Protection – General VM-level protection for
non-cluster-aware workloads
– No manual intervention
• Fast Recovery from
Unplanned Events:
– Physical compute node failure
– VM/OS level failures
Auto Failure Recovery
VM
Shared Storage
Compute Resource Pool
Pool of Oracle VM Servers
VM Auto Recovery VM VM X
X
6 | © 2012 Oracle Corporation – Proprietary and Confidential
Oracle VM Server Clusterware
7 | © 2012 Oracle Corporation – Proprietary and Confidential
Why Clusterware?
• Virtual machine disk
images and configuration
files must be protected
• Administrator can start a
virtual machine using
Oracle VM Manager, xm
create or XenAPI
• Leverages code base long
used for database clusters
• What if?
– Virtual machine dies
– After timeout, pool master server
adds virtual machine to restart list
– Admin logs in to server and
issues command: “xm create ...”
– Pool master server starts guest
– This collision is what Clusterware
protects against
8 | © 2012 Oracle Corporation – Proprietary and Confidential
Virtual Machine High Availability
9 | © 2012 Oracle Corporation – Proprietary and Confidential
Virtual Machine High Availability
• Automatic restart of failed virtual machines across the pool
– Server failure (all virtual machines restarted)
– Individual VM failure
• Reliable restart based on proven Oracle Clusterware technology
– Sophisticated heartbeat and lock management
– Reliable failure detection and corruption prevention
• Maximize up-time without complexity of traditional HA clustering
– Cost-effective solution
– No virtual machine agents or modifications required
10 | © 2012 Oracle Corporation – Proprietary and Confidential
Virtual Machine / HA Considerations
• Excellent, easy way to make anything HA literally by checking a box
– Do have to do one-time clusterware set-up for the pool, but that’s all
• Failure detection more reliable/deterministic than VMware’s HA
– VMware: Uses network pings and disk reserve/release locking
• Notorious “node isolation” problems, i.e., problems handling servers
that it cannot contact but that still might be running
• Often results in virtual machines shutting down, but not restarting
– Oracle VM: Uses network and storage pings and disk locking
• More accurate/deterministic detection of node failure to prevent “false
positives/negatives” and maximize uptime
(1 of 4)
11 | © 2012 Oracle Corporation – Proprietary and Confidential
Virtual Machine / HA Considerations
Two techniques:
• 1) Individual guest failure detection:
– Detected by the agent-collected status
• Are all “Running” status virtual machines running? If not, restart
• 2) Complete server failure detection
– OCFS2 clusterware driven detection
• Effectively makes pool into HA cluster
• Network- and storage (quorum disk) pings
Failure Detection (2 of 4)
12 | © 2012 Oracle Corporation – Proprietary and Confidential
Virtual Machine / HA Considerations
• Failure detection timing: generally up to 2 minutes to trigger
restart…based on time-outs and retries
– Clusterware timing is configurable but making it too aggressive risks
“false positives”
Failure Detection (3 of 4)
13 | © 2012 Oracle Corporation – Proprietary and Confidential
Virtual Machine / HA Considerations
• It is a restart of the virtual machine based on what is on-disk: it is
what you would have if you hit the power switch
– In-flight, uncommitted data may be lost
– This is NOT a replacement for RAC: no “continuous availability”
• Virtual machine restart uses the same algorithms as a normal virtual
machine start:
– Preferred server policies will be respected
– The VMs will be load balanced across the pool
• Virtual machine restart order after server failure(s) is based on order
that virtual machines failed
HA Restart (4 of 4)
14 | © 2012 Oracle Corporation – Proprietary and Confidential
Secure Live Migration
15 | © 2012 Oracle Corporation – Proprietary and Confidential
Secure Live Migration
• Encrypted Live Migration
– no additional hardware required
– eliminates requirement for a dedicated network
• Avoids migrating a VM over the wire “in the clear”
– no risk of exposing sensitive data, e.g., passwords, account numbers
• Zero interruptions from planned events:
– Maintenance or upgrades
– Rebalancing workloads
Uninterrupted Business Services
VM
Shared Storage
Compute Resource Pool
Pool of Oracle VM Servers
VM Secure Live Migration (SSL) VM VM
16 | © 2012 Oracle Corporation – Proprietary and Confidential
17 | © 2012 Oracle Corporation – Proprietary and Confidential
18 | © 2012 Oracle Corporation – Proprietary and Confidential